CSC8015: Cybersecurity

Introduction to Cybersecurity

Security

Security is defined according to three main properties: Confidentiality, Integrity, and Availability (often referred to as the three tenets of security, or the CIA triad). Below we discuss each of them briefly.

Confidentiality: The confidentiality of a system is preserved if, and only if, the outcomes of actions in the system are visible only to authorised subjects.

Integrity: The integrity of a system is preserved if, and only if, actions that change the system are performed only by authorised subjects.

Availability: The availability of a system is preserved if, and only if, subjects can perform all the actions they are authorised to perform.


Hacking:
The term "hacking" in information security refers to exploiting vulnerabilities in a system and compromising its security in order to gain unauthorised command and control over the system's resources. The purpose of hacking may include modifying system resources or disrupting features and services. It can also be used to steal information, for example to pass it to competitors or regulatory bodies, or to publicise sensitive data.


What? Gaining unauthorised access.
How? Exploiting (taking advantage of) a vulnerability (weakness) in a system, and compromising the system (for example, exposing confidential data), to gain unauthorised access to and control over the system's resources.

Hackers
1. Black-hat hackers
2. White-hat hackers
3. Grey-hat hackers

What is Ethical Hacking?
Ethical Hacking Definition
The exploitation of an IT system with the permission of its owner.
The ethical hacker signs a non-disclosure agreement with the employer.

Penetration Testing Activities:
To identify threats and vulnerabilities within an organisation.
To identify what attackers can do if they manage to access the system.
To provide remediation actions for the vulnerabilities detected.

Ethical Hacking Personnel:
Blue Team
Red Team

Types of Penetration Testing
Black-Box Testing: Zero knowledge
Grey-Box Testing: Some knowledge
White-Box Testing: Full knowledge

Blind Testing(Attack based on Public Information)
Double-Blind Testing(Testing Response Procedure)
Targeted Testing
Internal

Ethical Hacking and Penetration Testing
An ethical hacker is someone who proactively finds vulnerabilities in a system in order to fix them. The scope of an ethical hacker can be wide, covering anything from employees' social networking accounts to specific technical environments within an organisation. Relevant qualifications are also needed.

Penetration testing is carried out on specific technical environments and may be used by ethical hackers to reveal vulnerabilities in a system. Penetration testing is narrower in scope than ethical hacking. You do not need to be qualified to do a penetration test, because the tested system does not have to be a live environment.

We will be focusing on penetration testing technical environments that are low risk and exist purely for practice.

Glossary
Below are some terms you may encounter during the course:

Security Personnel

Blue Team: Security orientated personnel protecting a system.

Red Team: Security orientated personnel evaluating a system for weakness.

Ethical Hacker: Individual qualified to undertake security analysis of a system, such as penetration testing.

Penetration Tester: Individual evaluating the technical security of a system.

Black hat Hacker: Individual hacker who attempts to exploit systems for personal gain.

Networks

Network: A number of computers linked together such that information can be exchanged.

Host: A computer that is part of a network

Host Discovery: The process of seeing what hosts are available on a network


Security Tools
Generally speaking, a great deal of knowledge about computer systems is needed to be a successful ethical hacker. There is no true substitute for this. However, tools can be used to partly automate the process, both for those with less experience and for experienced people who want to speed things up. Whatever the case, it is important to understand the process or general approach first, and only then work out whether there is a tool that automates it.

There are many security tools we will use. If you are ever stuck on a tool, you can follow this general approach to work out how to use it.

Type the name of the tool into the command prompt without any arguments, e.g. "nmap". Typically a usage summary is printed. Most tools also have a manual page ("man nmap") or a help flag ("nmap --help").
If that is insufficient, try the tool's website, e.g. https://nmap.org for Nmap.
Check online material outside of the course material for specific advice, e.g. search for "nmap host discovery tutorial".


Setting Up a Hacking Lab

Hacking Lab:

In security education, to understand security theory properly you need access to sophisticated security tools as well as the ability to install and configure the related applications. For example, to understand how a penetration test is performed, you need to identify vulnerable systems on the network and attack them with different hacking tools. In some settings this means exposing the whole network infrastructure, as well as the tools attackers use to compromise systems, which is exactly what network administrators work hard to prevent. Also, if you want to perform a task such as a denial-of-service attack with several machines working together, the supply of machines is a challenge for many lab environments. This is where virtual machines come in.

Why are virtual machines important for ethical hacking?

With virtual machines, you have the following advantages:

You can test an exploit or vulnerability without risking crashing a production network.
You can practise hacking legally, because you are effectively hacking yourself and have given yourself permission to attack your own machines. In some countries, even a port scan without proper authorisation can get you into serious legal trouble.
It is the same idea as having children play in a sandbox: you can practise hacking in a safe environment, learn, and not cause any damage.

Introduction to Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security. It has over 600 preinstalled penetration-testing programs including:

Armitage (a graphical cyber attack management tool)
Nmap (a port scanner)
Wireshark ( a packet analyzer)
John the ripper (a password cracker)
Aircrack-ng (a software suite for penetration-testing wireless LANs)
Burp Suite (a web application security testing platform)
OWASP ZAP (a web application security scanner)
And much more …

Kali Terminal and commands

In this section, we introduce some Linux fundamentals that will help you get started with Kali. One of the most important features is the command line. By "command line", we mean a text-based interface that allows you to enter commands, execute them, and view the results. You can run a terminal (a textual window within the graphical desktop, or the text console itself outside of any graphical interface) and a command interpreter inside it (the shell).

The File System Hierarchy standard

As with other Linux distributions, Kali Linux is organised to be consistent with the Filesystem Hierarchy Standard (FHS), allowing users of other Linux distributions to easily find their way around Kali. The FHS defines the purpose of each directory. The top-level directories are described as follows.

/bin/: basic programs

/boot/: Kali Linux kernel and other files required for its early boot process

/dev/: device files

/etc/: configuration files

/home/: user’s personal files

/lib/: basic libraries

/media/*: mount points for removable devices (CD-ROM, USB keys, and so on)

/mnt/: temporary mount point

/opt/: extra applications provided by third parties

/root/: administrator’s (root’s) personal files

/run/: volatile runtime data that does not persist across reboots (not yet included in the FHS)

/sbin/: system programs

/srv/: data used by servers hosted on this system

/tmp/: temporary files (this directory is often emptied at boot)

/usr/: applications (this directory is further subdivided into bin, sbin, lib according to the same logic as in the root directory). Furthermore, /usr/share/ contains architecture-independent data. The /usr/local/ directory is meant to be used by the administrator for installing applications manually without overwriting files handled by the packaging system (dpkg).

/var/: variable data handled by daemons. This includes log files, queues, spools, and caches.

/proc/ and /sys/ are specific to the Linux kernel (and not part of the FHS). They are used by the kernel for exporting data to user space.

The User’s Home Directory
The contents of a user’s home directory are not standardised but there are still a few noteworthy conventions. One is that a user’s home directory is often referred to by a tilde (“~”). That is useful to know because command interpreters automatically replace a tilde with the correct directory (which is stored in the HOME environment variable, and whose usual value is /home/user/).

Traditionally, application configuration files are often stored directly under your home directory, but the filenames usually start with a dot (for instance, the mutt email client stores its configuration in ~/.muttrc). Note that filenames that start with a dot are hidden by default; the ls command only lists them when the -a option is used and graphical file managers need to be explicitly configured to display hidden files.

Some programs also use multiple configuration files organised in one directory (for instance, ~/.ssh/). Some applications (such as the Firefox web browser) also use their directory to store a cache of downloaded data. This means that those directories can end up consuming a lot of disk space.

These configuration files stored directly in your home directory, often collectively referred to as dotfiles, have long proliferated to the point that these directories can be quite cluttered with them. Fortunately, an effort led collectively under the FreeDesktop.org umbrella has resulted in the XDG Base Directory Specification, a convention that aims at cleaning up these files and directories. This specification states that configuration files should be stored under ~/.config, cache files under ~/.cache, and application data files under ~/.local (or subdirectories thereof). This convention is slowly gaining traction.

Graphical desktops usually have shortcuts to display the contents of the ~/Desktop/ directory (or whatever the appropriate translation is for systems not configured in English).

Network Basics

A computer network is a number of nodes connected through data links. Data Transmission occurs over these links through various means (such as wired or wireless). Two nodes in a network are considered connected when one node can transmit data to another node.

Routing is the process of selecting network paths to carry network traffic. Routing is performed for many kinds of networks, including circuit switching networks and packet switched networks.


MAC Address: Media Access Control
Physical, permanent, unique: burned into the hardware by the manufacturer. The address the operating system actually puts in frames can, however, be overridden in software.
Assigned by the manufacturer to the:
Network interface card = interface controller = network adapter

Changing the MAC address (on your own machine, software-side) can be used to:
Be anonymous
Impersonate another device
Bypass filters (e.g. MAC-address allow lists on Wi-Fi or switches)

IP Address: Internet Protocol Address
Can change (assigned by the network, e.g. via DHCP, not tied to the hardware)
Used to address devices so they can communicate across the internet (across networks, not just the local segment)
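The three uses of changing a MAC address listed above, as an added Python example (it is not code from the course notes or from any Kali tool): it generates a usable spoofed address and drives the standard iproute2 commands. The interface name eth0 and the OUI 00:0c:29 (one of VMware's) are illustrative; applying the change needs root, and with dry_run=True the commands are only returned, not executed.

```python
"""Spoofing a MAC address on Linux. Added example, not from the course notes.

The burned-in address cannot be changed, but the address the kernel writes into
outgoing frames can. A spoofed address must still be unicast (bit 0 of the first
octet clear), otherwise NICs and switches treat frames from it as multicast. Bit 1
of the first octet marks the address as locally administered (not vendor-assigned).
"""
import os
import re
import subprocess

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
IFACE_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")   # Linux interface names are at most 15 chars


def is_valid_unicast(mac):
    """Syntactically a MAC and usable as a source address (multicast bit clear)."""
    return bool(MAC_RE.match(mac)) and (int(mac[:2], 16) & 0x01) == 0


def is_locally_administered(mac):
    return bool(MAC_RE.match(mac)) and (int(mac[:2], 16) & 0x02) != 0


def random_mac(oui=None):
    """Random unicast MAC. Without an OUI it is marked locally administered ("be anonymous");
    with a vendor OUI (first three octets, e.g. "00:0c:29") it looks like that vendor's
    hardware ("impersonate another device")."""
    octets = bytearray(os.urandom(6))
    if oui is None:
        octets[0] = (octets[0] & 0xFE) | 0x02       # clear multicast bit, set local bit
    else:
        octets[0:3] = bytes.fromhex(oui.replace(":", ""))
        octets[0] &= 0xFE                           # vendor OUIs are unicast already; be safe
    return ":".join(f"{b:02x}" for b in octets)


def mac_change_commands(iface, mac):
    """The iproute2 sequence: the link must be down while its address is changed."""
    if not IFACE_RE.match(iface):
        raise ValueError(f"bad interface name: {iface!r}")
    if not is_valid_unicast(mac):
        raise ValueError(f"not a usable unicast MAC: {mac!r}")
    return [
        ["ip", "link", "set", "dev", iface, "down"],
        ["ip", "link", "set", "dev", iface, "address", mac.lower()],
        ["ip", "link", "set", "dev", iface, "up"],
    ]


def change_mac(iface, mac, dry_run=False):
    """Apply the change (root required) unless dry_run; returns the commands either way."""
    cmds = mac_change_commands(iface, mac)
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)   # argument list, no shell: iface/mac cannot inject
    return cmds


if __name__ == "__main__":
    for cmd in change_mac("eth0", random_mac(), dry_run=True):
        print(" ".join(cmd))
```

Kali ships macchanger for the same job; the point of doing it by hand is to see that the only constraints on the new address are the two flag bits in the first octet, and that the interface has to go down and up for the kernel to accept it (which also drops any DHCP lease, so expect a new IP address afterwards).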

Discovering Devices Connected to Same Network

Netdiscover is a simple ARP scanner which can be used to find live hosts on a network. It can also scan multiple subnets. It shows its results in a live (ncurses) display. Because ARP only reaches the local segment, it is used in the first phase of a pen-test, once you already have access to the network. Netdiscover is a simple initial-recon tool which can be very handy.

Options:

-i device: your network device
-r range: scan a given range instead of auto scan. 192.168.6.0/24,/16,/8
-l file: scan the list of ranges contained in the given file
-p passive mode: do not send anything, only sniff
-m file: scan the list of known MACs and host names
-F filter: Customize pcap filter expression (default: “arp”)
-s time: time to sleep between each ARP request (milliseconds)
-n node: last IP octet used for scanning (from 2 to 253)
-c count: number of times to send each ARP request (for nets with packet loss)
-f enable fast mode scan, saves a lot of time, recommended for auto
-d ignore home config files for autoscan and fast mode
-S enable sleep time suppression between each request (hardcore mode)
-P print results in a format suitable for parsing by another program
-N Do not print header. Only valid when -P is enabled.
-L in parsable output mode (-P), continue listening after the active scan is completed

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.


Man In The Middle Attack (MITM)

In a man-in-the-middle attack the attacker sits between two communicating parties and relays (and possibly alters) their traffic without either party noticing. Cybercriminals can use MITM attacks to gain control of devices in a variety of ways. On a local network the classic technique is ARP spoofing; below we also list other types of MITM.

ARP Spoofing is a technique by which an attacker sends spoofed Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker’s MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead.

ARP spoofing may allow an attacker to intercept data frames on a network, modify the traffic, or stop all traffic.

The attack can only be used on networks that use ARP, and requires the attacker to have direct access to the local network segment being attacked.

ARP (Address Resolution Protocol)
A simple protocol used to map the IP address of a machine on the local network to its MAC address. ARP has no authentication: any host can answer any request, and most operating systems will update their ARP cache from unsolicited replies, which is what makes spoofing possible.
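The two ARP behaviours covered above, host discovery (what Netdiscover does) and ARP spoofing, in one added Python example; this is not code from the course, from Netdiscover or from Nmap. It builds and parses raw ARP frames with the standard library only, so the assumptions are the interface name, the addresses and the constructed sample traffic in demo(); the active scan needs root on Linux, everything else runs offline.

```python
"""ARP host discovery and ARP-spoof detection on raw Ethernet/ARP frames.
Added example, not part of the course notes. arp_scan() needs root and a Linux
AF_PACKET interface; the rest runs offline on the frames constructed in demo()."""
import ipaddress
import socket
import struct

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, smac, sip, tmac, tip (28 bytes)

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst=None):
    """Ethernet II frame carrying an RFC 826 ARP packet (Ethernet/IPv4)."""
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst or dst_mac), mac_bytes(src_mac), ETH_TYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(src_mac), socket.inet_aton(src_ip),
                      mac_bytes(dst_mac), socket.inet_aton(dst_ip))
    return eth + arp

def parse_arp(frame):
    """(op, sender_mac, sender_ip, target_mac, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(smac), socket.inet_ntoa(sip), mac_str(tmac), socket.inet_ntoa(tip)

def hosts_from_replies(frames):
    """Host discovery as netdiscover tabulates it: every ARP reply is a live host.
    A later reply for the same IP silently overwrites the earlier one."""
    found = {}
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REPLY:
            found[parsed[2]] = parsed[1]
    return found

def arp_scan(iface, my_mac, my_ip, cidr, timeout=2.0):
    """Active scan like 'netdiscover -i iface -r cidr': one broadcast request per address,
    then collect replies until the timeout. Needs root for the raw socket."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_TYPE_ARP))
    sock.bind((iface, 0))
    sock.settimeout(timeout)
    replies = []
    try:
        for host in ipaddress.ip_network(cidr, strict=False).hosts():
            sock.send(build_arp(ARP_REQUEST, my_mac, my_ip, ZERO_MAC, str(host), eth_dst=BROADCAST))
        while True:
            replies.append(sock.recv(65535))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return hosts_from_replies(replies)

class ArpWatch:
    """Passive spoof detector: the first MAC seen for an IP is trusted; a later reply
    claiming the same IP from another MAC is the classic ARP-spoofing symptom."""
    def __init__(self, gateway_ip=None):
        self.table, self.gateway_ip, self.alerts = {}, gateway_ip, []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if not parsed or parsed[0] != ARP_REPLY:
            return None
        _, mac, ip, _, _ = parsed
        known = self.table.setdefault(ip, mac)
        if known == mac:
            return None
        tag = " [gateway!]" if ip == self.gateway_ip else ""
        alert = f"{ip} was {known}, now claimed by {mac}{tag}"
        self.alerts.append(alert)
        return alert

def demo():
    """Constructed traffic: two honest replies, then an attacker poisoning the gateway entry."""
    gw, victim, attacker = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:20", "de:ad:be:ef:00:01"
    frames = [
        build_arp(ARP_REPLY, gw, "192.168.6.1", "aa:bb:cc:00:00:99", "192.168.6.99"),
        build_arp(ARP_REPLY, victim, "192.168.6.20", "aa:bb:cc:00:00:99", "192.168.6.99"),
        build_arp(ARP_REPLY, attacker, "192.168.6.1", victim, "192.168.6.20"),  # spoofed
    ]
    watch = ArpWatch(gateway_ip="192.168.6.1")
    for frame in frames:
        watch.observe(frame)
    return hosts_from_replies(frames), watch.alerts

if __name__ == "__main__":
    print(demo())
```

demo() shows both sides of the same weakness: hosts_from_replies() behaves like a naive scanner (and like a victim's ARP cache) and ends up holding the attacker's MAC for the gateway, while ArpWatch, which trusts the first mapping it saw, raises the alert. Wireshark's ARP dissector flags the same condition with a "Duplicate IP address detected" expert warning, which is a quick way to spot ARP spoofing in a capture.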

Other Types of MITM Attacks:

  1. IP spoofing

Every device connected to the internet has an Internet Protocol (IP) address, similar to the street address of your home. By forging the source IP address of the packets it sends, an attacker can pose as a host you trust, tricking you into thinking you are interacting with a website or a person you are not, and possibly obtaining information you would otherwise not share.

  2. DNS spoofing

Domain Name System (DNS) spoofing is a technique that sends a user to a fake website rather than the real one the user intends to visit, by returning a forged answer to the name lookup. If you are a victim of DNS spoofing, you may think you are visiting a safe, trusted website when you are actually interacting with a fraudster. The perpetrator's goal is to divert traffic from the real site or to capture user login credentials.

  3. HTTPS spoofing

"HTTPS" in the URL (the "S" stands for "secure") means the connection to the site is encrypted and the server has proved control of the domain name; it does not by itself mean the site is trustworthy. An attacker can fool your browser into believing it is visiting a trusted site when it is not, for example with a look-alike domain name, or by redirecting you to a plain-HTTP site. Once your browser is on an unsecured connection, the attacker can monitor your interactions with that site and possibly steal the personal information you share.

  4. SSL hijacking

When your device connects to an unsecured server (plain "HTTP"), the server often automatically redirects you to the secure version ("HTTPS"). SSL stands for Secure Sockets Layer, the (now obsolete) predecessor of TLS, the protocol that establishes an encrypted link between your browser and the web server.

In SSL hijacking, the attacker sits between the user and the secure server: the attacker talks HTTPS to the real server while keeping the user on a plain HTTP connection (this variant is known as SSL stripping), and so intercepts everything passing between the user's computer and the server.

  5. Email hijacking

Cybercriminals sometimes target the email accounts of banks and other financial institutions. Once they gain access, they can monitor transactions between the institution and its customers. The attackers can then spoof the bank's email address and send their own instructions to customers. This convinces the customer to follow the attackers' instructions rather than the bank's. As a result, an unwitting customer may end up putting money in the attackers' hands.

  6. Wi-Fi eavesdropping

Cybercriminals can set up Wi-Fi access points with legitimate-sounding names, similar to those of a nearby business. Once a user connects to the fraudster's Wi-Fi, the attacker can monitor the user's online activity and intercept login credentials, payment card details, and more. This is just one of several risks associated with using public Wi-Fi.

  7. Stealing browser cookies

To understand the risk of stolen browser cookies, you need to understand what one is. A browser cookie is a small piece of information a website stores on your computer.

For example, an online retailer might store the personal information you enter and the shopping cart items you have selected in a cookie, so you do not have to re-enter that information when you return.

A cybercriminal who intercepts these cookies (for example over an unencrypted connection) can replay them and take over your logged-in session. Because a session cookie stands in for your password, the attacker then gets access to whatever that session can see: your address, order history and other sensitive information.


Wireshark - for capturing and analysing intercepted data

Introduction to Wireshark

Wireshark is a network protocol analyser. It is designed to help network administrators keep track of what is happening on their network.

How does it work? Wireshark lets you select an interface, and then it logs all the traffic that flows through that interface. The interface can be a wireless or wired card in your computer.

Wireshark also has a graphical interface for analysing this traffic. It lets you filter packets by protocol, for example HTTP.

It also lets you look for specific things, for example cookies, or POST or GET requests.

And it lets you search through these packets, so you can search the information stored in the packets and find what you are looking for.

It is a huge tool with many useful features.

So the main idea is that Wireshark is not a hacking tool in itself: it captures the traffic that flows through your own computer, through your own interface, and so on.
So let's start!

  1. You can run Wireshark from the Kali machine via the command prompt, or go to 'All applications' and type 'Wireshark'.

The program will load and, as the highlighted part of the screenshot showed (screenshot omitted), it lists the interfaces with a small graph of the packets flowing through each one, for example eth0.

You can also open a capture file you saved earlier, for example packets captured with any other program, and Wireshark will analyse that file for you.

This is very helpful because sometimes you do not want to analyse the traffic on the fly. You may capture it on your phone, away from home, while doing a pen-test somewhere else. So you capture the data, store it in a file, go back home, and then analyse what you captured in Wireshark.

  2. Go to the Kali internet browser and visit, for example, google.com.

  3. Now you will notice in Wireshark that the traffic graph for eth0 spikes.

Wireshark use for MITM attacks

We said in the section above, that Wireshark is used to analyse packets transferred through your own computer. However, when you are the Man in the Middle, and you start sniffing data, and become able to capture all packets sent or received, you can analyse these data via Wireshark as well.

Wireshark - using filters, tracing, and dissecting packets

If you’re trying to inspect something specific, such as the traffic a program sends, it helps to close down all other applications using the network so you can narrow down the traffic. Still, you’ll likely have a large amount of packets to sift through. That’s where Wireshark’s filters come in.

The most basic way to apply a filter is to type it into the filter box at the top of the window and press Enter (or click Apply). For example, type "dns" and you will see only DNS packets. As you start typing, Wireshark autocompletes the filter.

You can also click Analyze > Display Filters to choose a filter from among the default filters included in Wireshark. From there you can add your own custom filters and save them so they are easy to reach in future.

Another useful thing you can do is right-click a packet and select Follow > TCP Stream.

You will see the full TCP conversation between the client and the server. You can also choose other protocols in the Follow menu to see the full conversation for those protocols, where applicable.

Close the window and you will find that a filter has been applied automatically: Wireshark is now showing you only the packets that make up that conversation.

Wireshark - Inspecting Packets

You can use Wireshark to inspect the packets sent over the network. This can allow you, for example, to capture usernames and passwords, but only when they are sent in the clear (HTTP, FTP, Telnet and similar); in a TLS (HTTPS) connection you will only see encrypted application data.

To do that:

Click a packet to select it and you can dig down to view its details (screenshot omitted).

You can also create filters from here: right-click one of the details and use the Apply as Filter submenu to create a filter based on it.
